Windows Analysis Report INV0021Faa.html

Overview

General Information

Sample Name: INV0021Faa.html
Analysis ID: 546460
MD5: adac3356907246fabfbe1d1f5e0279b9
SHA1: ce6caf3c990c30123885163c1d262f51577cb3bc
SHA256: 23c21967bfaf24cd52fb902c6268482e8bb04e809a87d38974760199cb261e3b

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Phishing site detected (based on image similarity)
Drops PE files
PE file contains sections with non-standard names
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\INV0021Faa.html" MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,14366291854366505072,2533273598033079167,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
INV0021Faa.html | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Jbx Signature Overview

    Phishing:

    Yara detected HtmlPhish44
    Source: Yara match File source: INV0021Faa.html, type: SAMPLE
    Phishing site detected (based on image similarity)
    Source: file:///C:/Users/user/Desktop/INV0021Faa.html?bbre=TxUnVJlgvBWRbujz#/pUMcazDPSARCxQJqW-!@&8VgDl4ibu3e0EvInkQRr&@!QBmM6SY35cCfw74ZLksnAeJx@&!-ZnJhbmNpc2NvLm1vbnRlc0BmYWEuZ292-CFlsDXHpgBLEijAYQReJPromVOz/GIgfeBlFjEpUONyMXnZkJthxvC Matcher: Found strong image similarity, brand: Microsoft image: 40694.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: HTML title missing
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: Number of links: 0
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: No <meta name="author".. found
    Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6520_1222469217\LICENSE.txt
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
    Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49786 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49787 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 152.199.23.72:443 -> 192.168.2.3:49801 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49852 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49853 version: TLS 1.2
    Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.1.dr
    Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.1.dr
    Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox View IP Address: 67.199.248.11 67.199.248.11
    Source: mirroring_common.js.1.drString found in binary or memory: https://meet.google.com
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://meetings.clients6.google.com
    Source: mirroring_common.js.1.drString found in binary or memory: https://networktraversal.googleapis.com/v1alpha
    Source: 1bec9f5d-a2ba-4eb6-94e7-265b05b488c1.tmp.5.dr, 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://ogs.google.com
    Source: manifest.json.1.dr, craw_window.js.1.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
    Source: 1bec9f5d-a2ba-4eb6-94e7-265b05b488c1.tmp.5.dr, 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://play.google.com
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
    Source: 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://r1---sn-4g5ednds.gvt1.com
    Source: data_1.5.drString found in binary or memory: https://r1---sn-4g5ednds.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=102.1
    Source: 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://redirector.gvt1.com
    Source: data_1.5.drString found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
    Source: data_1.5.drString found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdicy
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/0fda87d404207afe321a1d8602f3af0fnbr1640
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/8d89f8b4f253a55a61bc00d846cbc04f.js
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/css/0fda87d404207afe321a1d8602f3af0fnbr
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/css/5ad63506b690f9a01909472b7edb863enbr
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/imgs/arrow_left.svg
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/imgs/ellipsis_grey.svg
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/imgs/ellipsis_grey.svg9
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/imgs/ellipsis_white.svg
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/imgs/microsoft_logo.svg
    Source: data_1.5.drString found in binary or memory: https://rikapcndmmooz.firebaseapp.com/bhbfzcvghndgxcx/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301640
    Source: manifest.json.1.dr, craw_window.js.1.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
    Source: data_1.5.drString found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
    Source: 1bec9f5d-a2ba-4eb6-94e7-265b05b488c1.tmp.5.dr, 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://ssl.gstatic.com
    Source: messages.json27.1.dr, messages.json52.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json28.1.dr, messages.json72.1.dr, messages.json73.1.dr, messages.json10.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json9.1.dr, messages.json62.1.dr, messages.json4.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json1.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json30.1.dr, messages.json49.1.dr, messages.json46.1.dr, messages.json50.1.dr, messages.json25.1.dr, messages.json63.1.dr, messages.json6.1.dr, messages.json47.1.dr, messages.json65.1.dr, messages.json12.1.dr, messages.json79.1.dr, messages.json32.1.dr, messages.json2.1.dr, messages.json45.1.dr, messages.json71.1.dr, messages.json5.1.dr, messages.json64.1.dr, messages.json66.1.dr, messages.json67.1.dr, messages.json31.1.dr, messages.json0.1.dr, messages.json11.1.dr, messages.json16.1.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
    Source: messages.json27.1.dr, messages.json52.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json28.1.dr, messages.json72.1.dr, messages.json73.1.dr, messages.json10.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json9.1.dr, messages.json62.1.dr, messages.json4.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json1.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json30.1.dr, messages.json49.1.dr, messages.json46.1.dr, messages.json50.1.dr, messages.json25.1.dr, messages.json63.1.dr, messages.json6.1.dr, messages.json47.1.dr, messages.json65.1.dr, messages.json12.1.dr, messages.json79.1.dr, messages.json32.1.dr, messages.json2.1.dr, messages.json45.1.dr, messages.json71.1.dr, messages.json5.1.dr, messages.json64.1.dr, messages.json66.1.dr, messages.json67.1.dr, messages.json31.1.dr, messages.json0.1.dr, messages.json11.1.dr, messages.json16.1.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
    Source: data_1.5.drString found in binary or memory: https://unpkg.com/axios
    Source: data_1.5.drString found in binary or memory: https://unpkg.com/lodash
    Source: data_1.5.drString found in binary or memory: https://unpkg.com/vue
    Source: data_1.5.drString found in binary or memory: https://unpkg.com/vue-router
    Source: data_1.5.drString found in binary or memory: https://valdia.quatiappcn.pw/61cb4263a360594772059587.js
    Source: craw_background.js.1.dr, craw_window.js.1.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
    Source: widevinecdm.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: manifest.json8.1.dr, 1bec9f5d-a2ba-4eb6-94e7-265b05b488c1.tmp.5.dr, 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://www.google.com
    Source: manifest.json.1.drString found in binary or memory: https://www.google.com/
    Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
    Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/images/cleardot.gif
    Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/images/dot2.gif
    Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/images/x2.gif
    Source: craw_background.js.1.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
    Source: feedback_script.js.1.drString found in binary or memory: https://www.google.com/tools/feedback
    Source: manifest.json8.1.drString found in binary or memory: https://www.google.com;
    Source: 1bec9f5d-a2ba-4eb6-94e7-265b05b488c1.tmp.5.dr, 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.dr, craw_background.js.1.dr, craw_window.js.1.drString found in binary or memory: https://www.googleapis.com
    Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
    Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
    Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/meetings
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
    Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/sierra
    Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
    Source: manifest.json8.1.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
    Source: mirroring_common.js.1.drString found in binary or memory: https://www.googleapis.com/calendar/v3
    Source: mirroring_common.js.1.drString found in binary or memory: https://www.googleapis.com/hangouts/v1
    Source: 1bec9f5d-a2ba-4eb6-94e7-265b05b488c1.tmp.5.dr, 2abc6584-ef69-4bc4-961f-ae06fbe3af21.tmp.5.dr, 4bd82e26-9be5-42f1-83be-5f62335dd58f.tmp.5.drString found in binary or memory: https://www.gstatic.com
    Source: common.js.1.drString found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
    Source: manifest.json8.1.drString found in binary or memory: https://www.gstatic.com;